Re: [IPsec] RFC 4307bis

Yoav Nir <ynir.ietf@gmail.com> Tue, 10 November 2015 19:11 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Cc: IPsecME WG <ipsec@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, Paul Hoffman <paul.hoffman@vpnc.org>
Date: Tue, 10 Nov 2015 21:11:37 +0200
Subject: Re: [IPsec] RFC 4307bis
Message-Id: <7C75B957-142C-426F-ABF7-81129E2EE15B@gmail.com>
In-Reply-To: <56421D6F.7080506@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/eMCE3aV4cX9pax8tCpUsqp0KPTI>

> On 10 Nov 2015, at 6:38 PM, Yaron Sheffer <yaronf.ietf@gmail.com> wrote:
> 
> A few comments, sorry for not using GitHub.
> 
> I think the following text is kinda funny: "IKEv1 is out of scope of this document. IKEv1 is deprecated and the recommendations of this document MUST NOT be considered for IKEv1." We cannot tell people normatively what they can consider and what they cannot. Let's skip the capitalized MUST NOT.

Sounds reasonable, or even just saying that IKEv1 is out of scope (and therefore we don’t need to say another word about it).
> 
> The rationale for GCM describes why it's in the table, but seems to argue for a MUST (rather than the SHOULD that's in the table). I guess there's a reason why we don't have MUST, let's spell it out.

Yeah. GCM is faster than CBC+HMAC and can be used for more data. That’s important for IPSec, much less for IKE. More importantly, GCM for IPSec was defined in RFC 4106 in 2005 and is widely implemented. GCM for IKE was defined three years later in RFC 5282, and because the need for encryption performance and key longevity was much less, it got implemented a lot less. (My company’s product does not have it, for example.) The focus of this document is interoperability without security mistakes, so GCM for IKE could be no more than a SHOULD.

> "As the overhead of AUTH_HMAC_SHA2_512 is negligible": suggest to change to "as the *additional* overhead".
> 
> I believe we should cite RFC 6194 when recommending against SHA-1.

Recommending against? It’s at MUST- for both MAC and PRF (as HMAC), and we’re currently saying nothing about hashes in signatures.

> "As it is not being deployed" - I suggest the softer "as it is not widely deployed" - we don't really know that nobody had ever deployed it.

Agree. I, for one, implemented it, although I have no statistics telling me how many CP customers are actually configuring it. Probably none, because it’s (a) not the default, and (b) slower than GHash on all platforms, and (c) slower than HMAC-SHA1 on older platforms.

> "and now it is known to be weak at least for a nation state" - suggest to change to "and now it is known to be weak against a nation-state attacker".
> 
> Thanks,
> 	Yaron
> 
> On 11/10/2015 12:33 AM, Yoav Nir wrote:
>> Or for a diff-style view, see the pull request:
>> https://github.com/ietf-ipsecme/drafts/pull/8/files
>> 
>> Yoav
>> 
>>> On 10 Nov 2015, at 12:30 AM, Daniel Migault
>>> <daniel.migault@ericsson.com <mailto:daniel.migault@ericsson.com>> wrote:
>>> 
>>> Hi,
>>> 
>>> You can view the latest changes here:
>>> 
>>> https://github.com/mglt/drafts/blob/d2d31f6f9f0b4d57c8343826ad23fc546b99a467/draft-ietf-ipsecme-rfc4307bis
>>> 
>>> We added some text to recommend the status of each recommended algorithm.
>>> 
>>> On Mon, Nov 9, 2015 at 11:27 AM, Paul Hoffman <paul.hoffman@vpnc.org
>>> <mailto:paul.hoffman@vpnc.org>> wrote:
>>> 
>>>    On 9 Nov 2015, at 5:48, Yoav Nir wrote:
>>> 
>>>        So I’ve merged the changes and submitted version -01 of the draft.
>>> 
>>>        The stub paragraphs explaining the choices of algorithms are
>>>        waiting to be filled. Please submit pull requests.
>>> 
>>>        https://github.com/ietf-ipsecme/drafts/blob/master/draft-ietf-ipsecme-rfc4307bis
>>> 
>>> 
>>>    This is an invitation to the WG to contribute to this draft. If
>>>    you are already familiar with GitHub, submit pull requests as Yoav
>>>    said. If you are not yet familiar with GitHub, feel free to send
>>>    text to the mailing list, and one of the authors will quickly
>>>    enter those for you in GitHub. That is, being able to use GitHub
>>>    is *not* required for you to contribute text.
>>> 
>>>    --Paul Hoffman
>>> 
>>> 
>>>    _______________________________________________
>>>    IPsec mailing list
>>>    IPsec@ietf.org <mailto:IPsec@ietf.org>
>>>    https://www.ietf.org/mailman/listinfo/ipsec
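As an added illustration, not part of this thread or of the draft, the two constructions Yoav compares above (AES-GCM as an AEAD, versus AES-CBC with a separate HMAC-SHA2 integrity check, the encrypt-then-MAC layout IPsec ESP uses) are implemented side by side in Go with only the standard library. Keys, nonce, IV, associated data and payload are constructed sample values and the function names are mine; the 128-bit tag length matches AES-GCM with a 16-octet ICV and AUTH_HMAC_SHA2_256_128. It shows concretely why the generic composition needs two keys and two passes over the data, which is the performance point made in the message, and that both paths reject a ciphertext with a single flipped bit. The "more data per key" advantage of GCM is not something a round trip can show and is left to the text.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

// ErrAuth is returned by both decrypt paths when the integrity check fails.
var ErrAuth = errors.New("integrity check failed")
const tagLen = 16 // 128-bit ICV, the length shared by AES-GCM-16 and AUTH_HMAC_SHA2_256_128

// mustAES builds the block cipher; key length is fixed by the SA, so a bad key is a setup bug.
func mustAES(key []byte) cipher.Block {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return block
}

// sealGCM is the AEAD path: one key, one pass over the data, confidentiality and integrity
// together. aad is authenticated but not encrypted (the ESP header, in IPsec terms).
func sealGCM(key, nonce, aad, plaintext []byte) []byte {
	aead, _ := cipher.NewGCM(mustAES(key)) // NewGCM only fails for non-128-bit blocks, never for AES
	return aead.Seal(nil, nonce, plaintext, aad)
}

// openGCM verifies the tag and decrypts; any change to ciphertext, tag or aad is rejected.
func openGCM(key, nonce, aad, sealed []byte) ([]byte, error) {
	aead, _ := cipher.NewGCM(mustAES(key))
	pt, err := aead.Open(nil, nonce, sealed, aad)
	if err != nil {
		return nil, ErrAuth
	}
	return pt, nil
}

// etmTag computes the truncated HMAC-SHA2-256 over aad || iv || ciphertext.
func etmTag(macKey, aad, iv, ct []byte) []byte {
	mac := hmac.New(sha256.New, macKey)
	mac.Write(aad)
	mac.Write(iv)
	mac.Write(ct)
	return mac.Sum(nil)[:tagLen]
}

// sealCBCHMAC is the generic composition: AES-CBC for confidentiality, then a separate HMAC
// pass (encrypt-then-MAC). Two keys and two passes over the data is the cost GCM avoids.
func sealCBCHMAC(encKey, macKey, iv, aad, plaintext []byte) []byte {
	n := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7-style padding to whole blocks
	padded := append(append([]byte(nil), plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(mustAES(encKey), iv).CryptBlocks(ct, padded)
	return append(ct, etmTag(macKey, aad, iv, ct)...)
}

// openCBCHMAC checks the MAC in constant time before decrypting, so padding is never inspected on unauthenticated data.
func openCBCHMAC(encKey, macKey, iv, aad, sealed []byte) ([]byte, error) {
	if len(sealed) < tagLen+aes.BlockSize || (len(sealed)-tagLen)%aes.BlockSize != 0 {
		return nil, ErrAuth
	}
	ct, tag := sealed[:len(sealed)-tagLen], sealed[len(sealed)-tagLen:]
	if !hmac.Equal(tag, etmTag(macKey, aad, iv, ct)) {
		return nil, ErrAuth
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(mustAES(encKey), iv).CryptBlocks(pt, ct)
	n := int(pt[len(pt)-1])
	if n == 0 || n > aes.BlockSize {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-n], nil
}

// roundTrip runs both constructions on one constructed message, then flips a ciphertext bit
// in each and checks that both reject it. Keys, nonce and IV are fixed sample values.
func roundTrip() bool {
	key, macKey := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 32)
	nonce, iv := bytes.Repeat([]byte{0x33}, 12), bytes.Repeat([]byte{0x44}, aes.BlockSize)
	aad, msg := []byte("constructed ESP header"), []byte("constructed payload of a few bytes")
	g := sealGCM(key, nonce, aad, msg)
	c := sealCBCHMAC(key, macKey, iv, aad, msg)
	pg, err1 := openGCM(key, nonce, aad, g)
	pc, err2 := openCBCHMAC(key, macKey, iv, aad, c)
	if err1 != nil || err2 != nil || !bytes.Equal(pg, msg) || !bytes.Equal(pc, msg) {
		return false
	}
	g[0], c[0] = g[0]^1, c[0]^1 // one-bit modification of each ciphertext
	_, err1 = openGCM(key, nonce, aad, g)
	_, err2 = openCBCHMAC(key, macKey, iv, aad, c)
	return err1 == ErrAuth && err2 == ErrAuth
}
```

Calling roundTrip() returns true when both paths decrypt correctly and both reject the modified ciphertext. The 12-byte nonce is passed whole here; RFC 4106 builds it for ESP from a 4-byte salt taken from the keying material plus an 8-byte per-packet IV, and the MAC side is deliberately verified before any decryption or padding check.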